Statistical decoding

@article{DebrisAlazard2017StatisticalD,
  title={Statistical decoding},
  author={Thomas Debris-Alazard and Jean-Pierre Tillich},
  journal={2017 IEEE International Symposium on Information Theory (ISIT)},
  year={2017},
  pages={1798--1802}
}
The security of code-based cryptography relies primarily on the hardness of generic decoding with linear codes. The best generic decoding algorithms are all improvements of an old algorithm due to Prange: they are known under the name of information set decoding techniques (ISD). A while ago a generic decoding algorithm which does not belong to this family was proposed: statistical decoding. It is a randomized algorithm that requires the computation of a large set of parity-check equations of… 

Improvement of Binary and Non Binary Statistical Decoding Algorithm
TLDR
This paper improves the Information-Set Decoding algorithm using the notion of bases lists in binary case and gives a non binary version of this improvement.
Survey on cryptanalysis of code-based cryptography: From theoretical to physical attacks
TLDR
Some background on coding theory is proposed in order to present some of the main flaws in the protocols, analyze the existing side-channel attacks, and give some recommendations on how to securely implement the most suitable variants.
Generalized Inverse Based Decoding
TLDR
The GID framework clearly shows how each ISD algorithm, except for Prange's solution, can be used as an SDP or LWP solver, and experimental results show a very good behavior of the GID solvers.
A tight security reduction in the quantum random oracle model for code-based signature schemes
TLDR
It is shown that code-based signature schemes based on the full domain hash paradigm can behave very well in the QROM i.e. that the authors can have tight security reductions and the obtained parameters are competitive compared to other similar quantum secure signature schemes.
A polynomial attack on a NIST proposal: RankSign, a code-based signature in rank metric
TLDR
All the parameters proposed for this scheme in [AGH17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords.
An attack on a NIST proposal: RankSign, a code-based signature in rank metric
TLDR
All the parameters proposed for this scheme in \cite{AGHRZ17} can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords.
Two attacks on rank metric code-based schemes: RankSign and an Identity-Based-Encryption scheme
TLDR
All the parameters proposed for this scheme in [AGHRZ17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords, and the IBE cannot be instantiated at this time.
Correlated Pseudorandom Functions from Variable-Density LPN
TLDR
This work presents efficient constructions of PCFs for a broad class of useful correlations, including oblivious transfer and multiplication triple correlations, from a variable-density variant of the Learning Parity with Noise assumption (VDLPN).
Efficient Pseudorandom Correlation Generators from Ring-LPN
TLDR
This work showed how useful forms of correlated randomness can be generated using a cheap, one-time interaction, followed by only “silent” local computation via a pseudorandom correlation generator (PCG).
The problem with the SURF scheme
There is a serious problem with one of the assumptions made in the security proof of the SURF scheme. This problem turns out to be easy in the regime of parameters needed for the SURF scheme to work.

References

Decoding Random Linear Codes in Õ(2^{0.054n})
TLDR
A new algorithm for decoding linear codes is presented that is inspired by a representation technique due to Howgrave-Graham and Joux in the context of subset sum algorithms; it offers a rigorous complexity analysis for random linear codes and brings the time complexity down to Õ(2^{0.05363n}).
Decoding Random Binary Linear Codes in 2^{n/20}: How 1+1=0 Improves Information Set Decoding
TLDR
It is shown how to further increase the number of representations and propose a new information set decoding algorithm with running time 2^{0.0494n}, which was improved to 2^{0.0537n} by May, Meurer and Thomae.
Analysis of Information Set Decoding for a Sub-linear Error Weight
TLDR
It is proved here that the constant c only depends on the code rate k/n and is the same for all the known ISD variants mentioned above, including the fifty-year-old Prange algorithm.
On Computing Nearest Neighbors with Applications to Decoding of Binary Linear Codes
TLDR
A new decoding algorithm for random binary linear codes, on which all variants of the currently best known decoding algorithms are built, is proposed.
The use of information sets in decoding cyclic codes
  • E. Prange
  • Computer Science
    IRE Trans. Inf. Theory
  • 1962
TLDR
A class of decoding algorithms using encoding-and-comparison is considered for error-correcting code spaces and it is suggested on operational grounds that it may prove most useful in those cases where m is relatively large with respect to the code length n.
Statistical Decoding Revisited
TLDR
This paper looks at the statistical decoding attack on the McEliece cryptosystem, a probabilistic algorithm for correcting errors in random codes that uses precomputations to provide faster error correction than the classical general decoding algorithms.
Security Bounds for the Design of Code-Based Cryptosystems
TLDR
Lower bounds are given on the work factor of idealized versions of code-based cryptography algorithms, taking into account all possible tweaks which could improve their practical complexity.
A Statistical Decoding Algorithm for General Linear Block Codes
TLDR
A new decoding algorithm for general linear block codes that generates a direct estimate of the error locations based on exploiting the statistical information embedded in the classical syndrome decoding.
Modeling Bit Flipping Decoding Based on Nonorthogonal Check Sums With Application to Iterative Decoding Attack of McEliece Cryptosystem
TLDR
The tradeoff between the Hamming weight (and overlapping) of the check sums and the number of redundant check sums required to start converging under iterative decoding is investigated.
MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes
TLDR
This work proposes two McEliece variants: one from Moderate Density Parity-Check (MDPC) codes and another from quasi-cyclic MDPC codes, which reduce under certain hypotheses the security of the scheme to the well studied decoding problem.